1425 \<close> |
1425 \<close> |
1426 |
1426 |
1427 |
1427 |
1428 chapter \<open>Proof tools\<close> |
1428 chapter \<open>Proof tools\<close> |
1429 |
1429 |
1430 section \<open>Transfer package \label{sec:transfer}\<close> |
|
1431 |
|
1432 text \<open> |
|
1433 \begin{matharray}{rcl} |
|
1434 @{method_def (HOL) "transfer"} & : & @{text method} \\ |
|
1435 @{method_def (HOL) "transfer'"} & : & @{text method} \\ |
|
1436 @{method_def (HOL) "transfer_prover"} & : & @{text method} \\ |
|
1437 @{attribute_def (HOL) "Transfer.transferred"} & : & @{text attribute} \\ |
|
1438 @{attribute_def (HOL) "untransferred"} & : & @{text attribute} \\ |
|
1439 @{attribute_def (HOL) "transfer_rule"} & : & @{text attribute} \\ |
|
1440 @{attribute_def (HOL) "transfer_domain_rule"} & : & @{text attribute} \\ |
|
1441 @{attribute_def (HOL) "relator_eq"} & : & @{text attribute} \\ |
|
1442 @{attribute_def (HOL) "relator_domain"} & : & @{text attribute} \\ |
|
1443 \end{matharray} |
|
1444 |
|
1445 \begin{description} |
|
1446 |
|
1447 \item @{method (HOL) "transfer"} method replaces the current subgoal |
|
1448 with a logically equivalent one that uses different types and |
|
1449 constants. The replacement of types and constants is guided by the |
|
1450 database of transfer rules. Goals are generalized over all free |
|
1451 variables by default; this is necessary for variables whose types |
|
1452 change, but can be overridden for specific variables with e.g. |
|
1453 @{text "transfer fixing: x y z"}. |
|
1454 |
|
1455 \item @{method (HOL) "transfer'"} is a variant of @{method (HOL) |
|
1456 transfer} that allows replacing a subgoal with one that is |
|
1457 logically stronger (rather than equivalent). For example, a |
|
1458 subgoal involving equality on a quotient type could be replaced |
|
1459 with a subgoal involving equality (instead of the corresponding |
|
1460 equivalence relation) on the underlying raw type. |
|
1461 |
|
1462 \item @{method (HOL) "transfer_prover"} method assists with proving |
|
1463 a transfer rule for a new constant, provided the constant is |
|
1464 defined in terms of other constants that already have transfer |
|
1465 rules. It should be applied after unfolding the constant |
|
1466 definitions. |
|
1467 |
|
1468 \item @{attribute (HOL) "untransferred"} proves the same equivalent theorem |
|
1469 as @{method (HOL) "transfer"} internally does. |
|
1470 |
|
1471 \item @{attribute (HOL) Transfer.transferred} works in the opposite |
|
1472 direction than @{method (HOL) "transfer'"}. E.g., given the transfer |
|
1473 relation @{text "ZN x n \<equiv> (x = int n)"}, corresponding transfer rules and the theorem |
|
1474 @{text "\<forall>x::int \<in> {0..}. x < x + 1"}, the attribute would prove |
|
1475 @{text "\<forall>n::nat. n < n + 1"}. The attribute is still in experimental |
|
1476 phase of development. |
|
1477 |
|
1478 \item @{attribute (HOL) "transfer_rule"} attribute maintains a |
|
1479 collection of transfer rules, which relate constants at two |
|
1480 different types. Typical transfer rules may relate different type |
|
1481 instances of the same polymorphic constant, or they may relate an |
|
1482 operation on a raw type to a corresponding operation on an |
|
1483 abstract type (quotient or subtype). For example: |
|
1484 |
|
1485 @{text "((A ===> B) ===> list_all2 A ===> list_all2 B) map map"}\\ |
|
1486 @{text "(cr_int ===> cr_int ===> cr_int) (\<lambda>(x,y) (u,v). (x+u, y+v)) plus"} |
|
1487 |
|
1488 Lemmas involving predicates on relations can also be registered |
|
1489 using the same attribute. For example: |
|
1490 |
|
1491 @{text "bi_unique A \<Longrightarrow> (list_all2 A ===> op =) distinct distinct"}\\ |
|
1492 @{text "\<lbrakk>bi_unique A; bi_unique B\<rbrakk> \<Longrightarrow> bi_unique (rel_prod A B)"} |
|
1493 |
|
1494 Preservation of predicates on relations (@{text "bi_unique, bi_total, |
|
1495 right_unique, right_total, left_unique, left_total"}) with the respect to a relator |
|
1496 is proved automatically if the involved type is BNF |
|
1497 @{cite "isabelle-datatypes"} without dead variables. |
|
1498 |
|
1499 \item @{attribute (HOL) "transfer_domain_rule"} attribute maintains a collection |
|
1500 of rules, which specify a domain of a transfer relation by a predicate. |
|
1501 E.g., given the transfer relation @{text "ZN x n \<equiv> (x = int n)"}, |
|
1502 one can register the following transfer domain rule: |
|
1503 @{text "Domainp ZN = (\<lambda>x. x \<ge> 0)"}. The rules allow the package to produce |
|
1504 more readable transferred goals, e.g., when quantifiers are transferred. |
|
1505 |
|
1506 \item @{attribute (HOL) relator_eq} attribute collects identity laws |
|
1507 for relators of various type constructors, e.g. @{term "rel_set |
|
1508 (op =) = (op =)"}. The @{method (HOL) transfer} method uses these |
|
1509 lemmas to infer transfer rules for non-polymorphic constants on |
|
1510 the fly. For examples see @{file |
|
1511 "~~/src/HOL/Lifting_Set.thy"} or @{file "~~/src/HOL/Lifting.thy"}. |
|
1512 This property is proved automatically if the involved type is BNF without dead variables. |
|
1513 |
|
1514 \item @{attribute_def (HOL) "relator_domain"} attribute collects rules |
|
1515 describing domains of relators by predicators. E.g., |
|
1516 @{term "Domainp (rel_set T) = (\<lambda>A. Ball A (Domainp T))"}. This allows the package |
|
1517 to lift transfer domain rules through type constructors. For examples see @{file |
|
1518 "~~/src/HOL/Lifting_Set.thy"} or @{file "~~/src/HOL/Lifting.thy"}. |
|
1519 This property is proved automatically if the involved type is BNF without dead variables. |
|
1520 |
|
1521 \end{description} |
|
1522 |
|
1523 Theoretical background can be found in @{cite "Huffman-Kuncar:2013:lifting_transfer"}. |
|
1524 \<close> |
|
1525 |
|
1526 |
1430 |
1527 section \<open>Lifting package \label{sec:lifting}\<close> |
1431 section \<open>Lifting package \label{sec:lifting}\<close> |
1528 |
1432 |
1529 text \<open> |
1433 text \<open> |
1530 The Lifting package allows users to lift terms of the raw type to the abstract type, which is |
|
1531 a necessary step in building a library for an abstract type. Lifting defines a new constant |
|
1532 by combining coercion functions (Abs and Rep) with the raw term. It also proves an appropriate |
|
1533 transfer rule for the Transfer package and, if possible, an equation for the code generator. |
|
1534 |
|
1535 The Lifting package provides two main commands: @{command (HOL) "setup_lifting"} for initializing |
|
1536 the package to work with a new type, and @{command (HOL) "lift_definition"} for lifting constants. |
|
1537 The Lifting package works with all four kinds of type abstraction: type copies, subtypes, |
|
1538 total quotients and partial quotients. |
|
1539 |
|
1540 Theoretical background can be found in @{cite "Huffman-Kuncar:2013:lifting_transfer"}. |
|
1541 |
|
1542 \begin{matharray}{rcl} |
1434 \begin{matharray}{rcl} |
1543 @{command_def (HOL) "setup_lifting"} & : & @{text "local_theory \<rightarrow> local_theory"}\\ |
1435 @{command_def (HOL) "setup_lifting"} & : & @{text "local_theory \<rightarrow> local_theory"}\\ |
1544 @{command_def (HOL) "lift_definition"} & : & @{text "local_theory \<rightarrow> proof(prove)"}\\ |
1436 @{command_def (HOL) "lift_definition"} & : & @{text "local_theory \<rightarrow> proof(prove)"}\\ |
1545 @{command_def (HOL) "lifting_forget"} & : & @{text "local_theory \<rightarrow> local_theory"}\\ |
1437 @{command_def (HOL) "lifting_forget"} & : & @{text "local_theory \<rightarrow> local_theory"}\\ |
1546 @{command_def (HOL) "lifting_update"} & : & @{text "local_theory \<rightarrow> local_theory"}\\ |
1438 @{command_def (HOL) "lifting_update"} & : & @{text "local_theory \<rightarrow> local_theory"}\\ |
1576 @@{attribute (HOL) lifting_restore} @{syntax thmref} (@{syntax thmref} @{syntax thmref})? |
1484 @@{attribute (HOL) lifting_restore} @{syntax thmref} (@{syntax thmref} @{syntax thmref})? |
1577 \<close>} |
1485 \<close>} |
1578 |
1486 |
1579 \begin{description} |
1487 \begin{description} |
1580 |
1488 |
1581 \item @{command (HOL) "setup_lifting"} Sets up the Lifting package |
1489 \item @{command (HOL) "setup_lifting"} Sets up the Lifting package to work |
1582 to work with a user-defined type. |
1490 with a user-defined type. The command supports two modes. The first one is |
1583 The command supports two modes. The first one is a low-level mode when |
1491 a low-level mode when the user must provide as a first argument of |
1584 the user must provide as a first |
1492 @{command (HOL) "setup_lifting"} a quotient theorem @{term "Quotient R Abs |
1585 argument of @{command (HOL) "setup_lifting"} a |
1493 Rep T"}. The package configures a transfer rule for equality, a domain |
1586 quotient theorem @{term "Quotient R Abs Rep T"}. The |
1494 transfer rules and sets up the @{command_def (HOL) "lift_definition"} |
1587 package configures a transfer rule for equality, a domain transfer |
1495 command to work with the abstract type. An optional theorem @{term "reflp |
1588 rules and sets up the @{command_def (HOL) "lift_definition"} |
1496 R"}, which certifies that the equivalence relation R is total, can be |
1589 command to work with the abstract type. An optional theorem @{term "reflp R"}, which certifies that |
1497 provided as a second argument. This allows the package to generate |
1590 the equivalence relation R is total, |
1498 stronger transfer rules. And finally, the parametricity theorem for R can |
1591 can be provided as a second argument. This allows the package to generate stronger transfer |
1499 be provided as a third argument. This allows the package to generate a |
1592 rules. And finally, the parametricity theorem for R can be provided as a third argument. |
1500 stronger transfer rule for equality. |
1593 This allows the package to generate a stronger transfer rule for equality. |
1501 |
1594 |
1502 Users generally will not prove the @{text Quotient} theorem manually for |
1595 Users generally will not prove the @{text Quotient} theorem manually for |
1503 new types, as special commands exist to automate the process. |
1596 new types, as special commands exist to automate the process. |
1504 |
1597 |
1505 When a new subtype is defined by @{command (HOL) typedef}, @{command (HOL) |
1598 When a new subtype is defined by @{command (HOL) typedef}, @{command (HOL) "lift_definition"} |
1506 "lift_definition"} can be used in its second mode, where only the |
1599 can be used in its |
1507 type_definition theorem @{text "type_definition Rep Abs A"} is used as an |
1600 second mode, where only the type_definition theorem @{text "type_definition Rep Abs A"} |
1508 argument of the command. The command internally proves the corresponding |
1601 is used as an argument of the command. The command internally proves the corresponding |
1509 Quotient theorem and registers it with @{command (HOL) setup_lifting} |
1602 Quotient theorem and registers it with @{command (HOL) setup_lifting} using its first mode. |
1510 using its first mode. |
1603 |
1511 |
1604 For quotients, the command @{command (HOL) quotient_type} can be used. The command defines |
1512 For quotients, the command @{command (HOL) quotient_type} can be used. The |
1605 a new quotient type and similarly to the previous case, the corresponding Quotient theorem is proved |
1513 command defines a new quotient type and similarly to the previous case, |
1606 and registered by @{command (HOL) setup_lifting}. |
1514 the corresponding Quotient theorem is proved and registered by @{command |
1607 |
1515 (HOL) setup_lifting}. |
1608 The command @{command (HOL) "setup_lifting"} also sets up the code generator |
1516 |
1609 for the new type. Later on, when a new constant is defined by @{command (HOL) "lift_definition"}, |
1517 The command @{command (HOL) "setup_lifting"} also sets up the code |
1610 the Lifting package proves and registers a code equation (if there is one) for the new constant. |
1518 generator for the new type. Later on, when a new constant is defined by |
1611 |
1519 @{command (HOL) "lift_definition"}, the Lifting package proves and |
1612 \item @{command (HOL) "lift_definition"} @{text "f :: \<tau>"} @{keyword (HOL) "is"} @{text t} |
1520 registers a code equation (if there is one) for the new constant. |
1613 Defines a new function @{text f} with an abstract type @{text \<tau>} |
1521 |
1614 in terms of a corresponding operation @{text t} on a |
1522 \item @{command (HOL) "lift_definition"} @{text "f :: \<tau>"} @{keyword (HOL) |
1615 representation type. More formally, if @{text "t :: \<sigma>"}, then |
1523 "is"} @{text t} Defines a new function @{text f} with an abstract type |
1616 the command builds a term @{text "F"} as a corresponding combination of abstraction |
1524 @{text \<tau>} in terms of a corresponding operation @{text t} on a |
1617 and representation functions such that @{text "F :: \<sigma> \<Rightarrow> \<tau>" } and |
1525 representation type. More formally, if @{text "t :: \<sigma>"}, then the command |
1618 defines @{text f} is as @{text "f \<equiv> F t"}. |
1526 builds a term @{text "F"} as a corresponding combination of abstraction |
1619 The term @{text t} does not have to be necessarily a constant but it can be any term. |
1527 and representation functions such that @{text "F :: \<sigma> \<Rightarrow> \<tau>" } and defines |
1620 |
1528 @{text f} is as @{text "f \<equiv> F t"}. The term @{text t} does not have to be |
1621 The command opens a proof environment and the user must discharge |
1529 necessarily a constant but it can be any term. |
1622 a respectfulness proof obligation. For a type copy, i.e., a typedef with @{text |
1530 |
1623 UNIV}, the obligation is discharged automatically. The proof goal is |
1531 The command opens a proof environment and the user must discharge a |
1624 presented in a user-friendly, readable form. A respectfulness |
1532 respectfulness proof obligation. For a type copy, i.e., a typedef with |
1625 theorem in the standard format @{text f.rsp} and a transfer rule |
1533 @{text UNIV}, the obligation is discharged automatically. The proof goal |
1626 @{text f.transfer} for the Transfer package are generated by the |
1534 is presented in a user-friendly, readable form. A respectfulness theorem |
1627 package. |
1535 in the standard format @{text f.rsp} and a transfer rule @{text |
1628 |
1536 f.transfer} for the Transfer package are generated by the package. |
1629 The user can specify a parametricity theorems for @{text t} after the keyword |
1537 |
1630 @{keyword "parametric"}, which allows the command |
1538 The user can specify a parametricity theorems for @{text t} after the |
1631 to generate parametric transfer rules for @{text f}. |
1539 keyword @{keyword "parametric"}, which allows the command to generate |
1632 |
1540 parametric transfer rules for @{text f}. |
1633 For each constant defined through trivial quotients (type copies or |
1541 |
1634 subtypes) @{text f.rep_eq} is generated. The equation is a code certificate |
1542 For each constant defined through trivial quotients (type copies or |
1635 that defines @{text f} using the representation function. |
1543 subtypes) @{text f.rep_eq} is generated. The equation is a code |
1636 |
1544 certificate that defines @{text f} using the representation function. |
1637 For each constant @{text f.abs_eq} is generated. The equation is unconditional |
1545 |
1638 for total quotients. The equation defines @{text f} using |
1546 For each constant @{text f.abs_eq} is generated. The equation is |
1639 the abstraction function. |
1547 unconditional for total quotients. The equation defines @{text f} using |
1640 |
1548 the abstraction function. |
1641 Integration with [@{attribute code} abstract]: For subtypes (e.g., |
1549 |
1642 corresponding to a datatype invariant, such as @{typ "'a dlist"}), @{command |
1550 Integration with [@{attribute code} abstract]: For subtypes (e.g., |
1643 (HOL) "lift_definition"} uses a code certificate theorem |
1551 corresponding to a datatype invariant, such as @{typ "'a dlist"}), |
1644 @{text f.rep_eq} as a code equation. Because of the limitation of the code generator, |
1552 @{command (HOL) "lift_definition"} uses a code certificate theorem @{text |
1645 @{text f.rep_eq} cannot be used as a code equation if the subtype occurs inside the result |
1553 f.rep_eq} as a code equation. Because of the limitation of the code |
1646 type rather than at the top level (e.g., function returning @{typ "'a dlist option"} vs. |
1554 generator, @{text f.rep_eq} cannot be used as a code equation if the |
1647 @{typ "'a dlist"}). In this case, an extension of @{command |
1555 subtype occurs inside the result type rather than at the top level (e.g., |
1648 (HOL) "lift_definition"} can be invoked by specifying the flag @{text "code_dt"}. This |
1556 function returning @{typ "'a dlist option"} vs. @{typ "'a dlist"}). In |
1649 extension enables code execution through series of internal type and lifting definitions |
1557 this case, an extension of @{command (HOL) "lift_definition"} can be |
1650 if the return type @{text "\<tau>"} meets the following inductive conditions: |
1558 invoked by specifying the flag @{text "code_dt"}. This extension enables |
1651 \begin{description} |
1559 code execution through series of internal type and lifting definitions if |
1652 \item @{text "\<tau>"} is a type variable |
1560 the return type @{text "\<tau>"} meets the following inductive conditions: |
1653 \item @{text "\<tau> = \<tau>\<^sub>1 \<dots> \<tau>\<^sub>n \<kappa>"}, where @{text "\<kappa>"} is an abstract type constructor |
1561 \begin{description} \item @{text "\<tau>"} is a type variable \item @{text "\<tau> = |
1654 and @{text "\<tau>\<^sub>1 \<dots> \<tau>\<^sub>n"} do not contain abstract types (i.e., @{typ "int dlist"} is allowed |
1562 \<tau>\<^sub>1 \<dots> \<tau>\<^sub>n \<kappa>"}, where @{text "\<kappa>"} is an abstract type constructor and |
1655 whereas @{typ "int dlist dlist"} not) |
1563 @{text "\<tau>\<^sub>1 \<dots> \<tau>\<^sub>n"} do not contain abstract types (i.e., @{typ "int |
1656 \item @{text "\<tau> = \<tau>\<^sub>1 \<dots> \<tau>\<^sub>n \<kappa>"}, @{text "\<kappa>"} is a type constructor that was defined as a |
1564 dlist"} is allowed whereas @{typ "int dlist dlist"} not) \item @{text "\<tau> = |
1657 (co)datatype whose constructor argument types do not contain either non-free datatypes |
1565 \<tau>\<^sub>1 \<dots> \<tau>\<^sub>n \<kappa>"}, @{text "\<kappa>"} is a type constructor that was defined as a |
1658 or the function type. |
1566 (co)datatype whose constructor argument types do not contain either |
1659 \end{description} |
1567 non-free datatypes or the function type. \end{description} |
1660 |
1568 |
1661 Integration with [@{attribute code} equation]: For total quotients, @{command |
1569 Integration with [@{attribute code} equation]: For total quotients, |
1662 (HOL) "lift_definition"} uses @{text f.abs_eq} as a code equation. |
1570 @{command (HOL) "lift_definition"} uses @{text f.abs_eq} as a code |
1663 |
1571 equation. |
1664 \item @{command (HOL) lifting_forget} and @{command (HOL) lifting_update} |
1572 |
1665 These two commands serve for storing and deleting the set-up of |
1573 \item @{command (HOL) lifting_forget} and @{command (HOL) lifting_update} |
1666 the Lifting package and corresponding transfer rules defined by this package. |
1574 These two commands serve for storing and deleting the set-up of the |
1667 This is useful for hiding of type construction details of an abstract type |
1575 Lifting package and corresponding transfer rules defined by this package. |
1668 when the construction is finished but it still allows additions to this construction |
1576 This is useful for hiding of type construction details of an abstract type |
1669 when this is later necessary. |
1577 when the construction is finished but it still allows additions to this |
1670 |
1578 construction when this is later necessary. |
1671 Whenever the Lifting package is set up with a new abstract type @{text "\<tau>"} by |
1579 |
1672 @{command_def (HOL) "lift_definition"}, the package defines a new bundle |
1580 Whenever the Lifting package is set up with a new abstract type @{text |
1673 that is called @{text "\<tau>.lifting"}. This bundle already includes set-up for the Lifting package. |
1581 "\<tau>"} by @{command_def (HOL) "lift_definition"}, the package defines a new |
1674 The new transfer rules |
1582 bundle that is called @{text "\<tau>.lifting"}. This bundle already includes |
1675 introduced by @{command (HOL) "lift_definition"} can be stored in the bundle by |
1583 set-up for the Lifting package. The new transfer rules introduced by |
1676 the command @{command (HOL) "lifting_update"} @{text "\<tau>.lifting"}. |
1584 @{command (HOL) "lift_definition"} can be stored in the bundle by the |
1677 |
1585 command @{command (HOL) "lifting_update"} @{text "\<tau>.lifting"}. |
1678 The command @{command (HOL) "lifting_forget"} @{text "\<tau>.lifting"} deletes set-up of the Lifting |
1586 |
1679 package |
1587 The command @{command (HOL) "lifting_forget"} @{text "\<tau>.lifting"} deletes |
1680 for @{text \<tau>} and deletes all the transfer rules that were introduced |
1588 set-up of the Lifting package for @{text \<tau>} and deletes all the transfer |
1681 by @{command (HOL) "lift_definition"} using @{text \<tau>} as an abstract type. |
1589 rules that were introduced by @{command (HOL) "lift_definition"} using |
1682 |
1590 @{text \<tau>} as an abstract type. |
1683 The stored set-up in a bundle can be reintroduced by the Isar commands for including a bundle |
1591 |
1684 (@{command "include"}, @{keyword "includes"} and @{command "including"}). |
1592 The stored set-up in a bundle can be reintroduced by the Isar commands for |
|
1593 including a bundle (@{command "include"}, @{keyword "includes"} and |
|
1594 @{command "including"}). |
1685 |
1595 |
1686 \item @{command (HOL) "print_quot_maps"} prints stored quotient map |
1596 \item @{command (HOL) "print_quot_maps"} prints stored quotient map |
1687 theorems. |
1597 theorems. |
1688 |
1598 |
1689 \item @{command (HOL) "print_quotients"} prints stored quotient |
1599 \item @{command (HOL) "print_quotients"} prints stored quotient theorems. |
1690 theorems. |
1600 |
1691 |
1601 \item @{attribute (HOL) quot_map} registers a quotient map theorem, a |
1692 \item @{attribute (HOL) quot_map} registers a quotient map |
1602 theorem showing how to "lift" quotients over type constructors. E.g., |
1693 theorem, a theorem showing how to "lift" quotients over type constructors. |
1603 @{term "Quotient R Abs Rep T \<Longrightarrow> Quotient (rel_set R) (image Abs) (image |
1694 E.g., @{term "Quotient R Abs Rep T \<Longrightarrow> |
1604 Rep) (rel_set T)"}. For examples see @{file "~~/src/HOL/Lifting_Set.thy"} |
1695 Quotient (rel_set R) (image Abs) (image Rep) (rel_set T)"}. |
1605 or @{file "~~/src/HOL/Lifting.thy"}. This property is proved automatically |
1696 For examples see @{file |
1606 if the involved type is BNF without dead variables. |
1697 "~~/src/HOL/Lifting_Set.thy"} or @{file "~~/src/HOL/Lifting.thy"}. |
1607 |
1698 This property is proved automatically if the involved type is BNF without dead variables. |
1608 \item @{attribute (HOL) relator_eq_onp} registers a theorem that shows |
1699 |
1609 that a relator applied to an equality restricted by a predicate @{term P} |
1700 \item @{attribute (HOL) relator_eq_onp} registers a theorem that |
1610 (i.e., @{term "eq_onp P"}) is equal to a predicator applied to the @{term |
1701 shows that a relator applied to an equality restricted by a predicate @{term P} (i.e., @{term |
1611 P}. The combinator @{const eq_onp} is used for internal encoding of proper |
1702 "eq_onp P"}) is equal |
1612 subtypes. Such theorems allows the package to hide @{text eq_onp} from a |
1703 to a predicator applied to the @{term P}. The combinator @{const eq_onp} is used for |
1613 user in a user-readable form of a respectfulness theorem. For examples see |
1704 internal encoding of proper subtypes. Such theorems allows the package to hide @{text |
1614 @{file "~~/src/HOL/Lifting_Set.thy"} or @{file "~~/src/HOL/Lifting.thy"}. |
1705 eq_onp} from a user in a user-readable form of a |
1615 This property is proved automatically if the involved type is BNF without |
1706 respectfulness theorem. For examples see @{file |
1616 dead variables. |
1707 "~~/src/HOL/Lifting_Set.thy"} or @{file "~~/src/HOL/Lifting.thy"}. |
1617 |
1708 This property is proved automatically if the involved type is BNF without dead variables. |
1618 \item @{attribute (HOL) "relator_mono"} registers a property describing a |
1709 |
1619 monotonicity of a relator. E.g., @{term "A \<le> B \<Longrightarrow> rel_set A \<le> rel_set B"}. |
1710 \item @{attribute (HOL) "relator_mono"} registers a property describing a monotonicity of a relator. |
1620 This property is needed for proving a stronger transfer rule in |
1711 E.g., @{term "A \<le> B \<Longrightarrow> rel_set A \<le> rel_set B"}. |
1621 @{command_def (HOL) "lift_definition"} when a parametricity theorem for |
1712 This property is needed for proving a stronger transfer rule in @{command_def (HOL) "lift_definition"} |
1622 the raw term is specified and also for the reflexivity prover. For |
1713 when a parametricity theorem for the raw term is specified and also for the reflexivity prover. |
1623 examples see @{file "~~/src/HOL/Lifting_Set.thy"} or @{file |
1714 For examples see @{file |
1624 "~~/src/HOL/Lifting.thy"}. This property is proved automatically if the |
1715 "~~/src/HOL/Lifting_Set.thy"} or @{file "~~/src/HOL/Lifting.thy"}. |
1625 involved type is BNF without dead variables. |
1716 This property is proved automatically if the involved type is BNF without dead variables. |
1626 |
1717 |
1627 \item @{attribute (HOL) "relator_distr"} registers a property describing a |
1718 \item @{attribute (HOL) "relator_distr"} registers a property describing a distributivity |
1628 distributivity of the relation composition and a relator. E.g., @{text |
1719 of the relation composition and a relator. E.g., |
1629 "rel_set R \<circ>\<circ> rel_set S = rel_set (R \<circ>\<circ> S)"}. This property is needed for |
1720 @{text "rel_set R \<circ>\<circ> rel_set S = rel_set (R \<circ>\<circ> S)"}. |
1630 proving a stronger transfer rule in @{command_def (HOL) "lift_definition"} |
1721 This property is needed for proving a stronger transfer rule in @{command_def (HOL) "lift_definition"} |
1631 when a parametricity theorem for the raw term is specified. When this |
1722 when a parametricity theorem for the raw term is specified. |
1632 equality does not hold unconditionally (e.g., for the function type), the |
1723 When this equality does not hold unconditionally (e.g., for the function type), the user can specified |
1633 user can specified each direction separately and also register multiple |
1724 each direction separately and also register multiple theorems with different set of assumptions. |
1634 theorems with different set of assumptions. This attribute can be used |
1725 This attribute can be used only after the monotonicity property was already registered by |
1635 only after the monotonicity property was already registered by @{attribute |
1726 @{attribute (HOL) "relator_mono"}. For examples see @{file |
1636 (HOL) "relator_mono"}. For examples see @{file |
1727 "~~/src/HOL/Lifting_Set.thy"} or @{file "~~/src/HOL/Lifting.thy"}. |
1637 "~~/src/HOL/Lifting_Set.thy"} or @{file "~~/src/HOL/Lifting.thy"}. This |
1728 This property is proved automatically if the involved type is BNF without dead variables. |
1638 property is proved automatically if the involved type is BNF without dead |
|
1639 variables. |
1729 |
1640 |
1730 \item @{attribute (HOL) quot_del} deletes a corresponding Quotient theorem |
1641 \item @{attribute (HOL) quot_del} deletes a corresponding Quotient theorem |
1731 from the Lifting infrastructure and thus de-register the corresponding quotient. |
1642 from the Lifting infrastructure and thus de-register the corresponding |
1732 This effectively causes that @{command (HOL) lift_definition} will not |
1643 quotient. This effectively causes that @{command (HOL) lift_definition} |
1733 do any lifting for the corresponding type. This attribute is rather used for low-level |
1644 will not do any lifting for the corresponding type. This attribute is |
1734 manipulation with set-up of the Lifting package because @{command (HOL) lifting_forget} is |
1645 rather used for low-level manipulation with set-up of the Lifting package |
1735 preferred for normal usage. |
1646 because @{command (HOL) lifting_forget} is preferred for normal usage. |
1736 |
1647 |
1737 \item @{attribute (HOL) lifting_restore} @{text "Quotient_thm pcr_def pcr_cr_eq_thm"} |
1648 \item @{attribute (HOL) lifting_restore} @{text "Quotient_thm pcr_def |
1738 registers the Quotient theorem @{text Quotient_thm} in the Lifting infrastructure |
1649 pcr_cr_eq_thm"} registers the Quotient theorem @{text Quotient_thm} in the |
1739 and thus sets up lifting for an abstract type @{text \<tau>} (that is defined by @{text Quotient_thm}). |
1650 Lifting infrastructure and thus sets up lifting for an abstract type |
1740 Optional theorems @{text pcr_def} and @{text pcr_cr_eq_thm} can be specified to register |
1651 @{text \<tau>} (that is defined by @{text Quotient_thm}). Optional theorems |
1741 the parametrized |
1652 @{text pcr_def} and @{text pcr_cr_eq_thm} can be specified to register the |
1742 correspondence relation for @{text \<tau>}. E.g., for @{typ "'a dlist"}, @{text pcr_def} is |
1653 parametrized correspondence relation for @{text \<tau>}. E.g., for @{typ "'a |
1743 @{text "pcr_dlist A \<equiv> list_all2 A \<circ>\<circ> cr_dlist"} and @{text pcr_cr_eq_thm} is |
1654 dlist"}, @{text pcr_def} is @{text "pcr_dlist A \<equiv> list_all2 A \<circ>\<circ> |
1744 @{text "pcr_dlist op= = op="}. |
1655 cr_dlist"} and @{text pcr_cr_eq_thm} is @{text "pcr_dlist op= = op="}. |
1745 This attribute is rather used for low-level |
1656 This attribute is rather used for low-level manipulation with set-up of |
1746 manipulation with set-up of the Lifting package because using of the bundle @{text \<tau>.lifting} |
1657 the Lifting package because using of the bundle @{text \<tau>.lifting} together |
1747 together with the commands @{command (HOL) lifting_forget} and @{command (HOL) lifting_update} is |
1658 with the commands @{command (HOL) lifting_forget} and @{command (HOL) |
1748 preferred for normal usage. |
1659 lifting_update} is preferred for normal usage. |
1749 |
1660 |
1750 \item Integration with the BNF package @{cite "isabelle-datatypes"}: |
1661 \item Integration with the BNF package @{cite "isabelle-datatypes"}: As |
1751 As already mentioned, the theorems that are registered |
1662 already mentioned, the theorems that are registered by the following |
1752 by the following attributes are proved and registered automatically if the involved type |
1663 attributes are proved and registered automatically if the involved type is |
1753 is BNF without dead variables: @{attribute (HOL) quot_map}, @{attribute (HOL) relator_eq_onp}, |
1664 BNF without dead variables: @{attribute (HOL) quot_map}, @{attribute (HOL) |
1754 @{attribute (HOL) "relator_mono"}, @{attribute (HOL) "relator_distr"}. Also the definition of a |
1665 relator_eq_onp}, @{attribute (HOL) "relator_mono"}, @{attribute (HOL) |
1755 relator and predicator is provided automatically. Moreover, if the BNF represents a datatype, |
1666 "relator_distr"}. Also the definition of a relator and predicator is |
1756 simplification rules for a predicator are again proved automatically. |
1667 provided automatically. Moreover, if the BNF represents a datatype, |
1757 |
1668 simplification rules for a predicator are again proved automatically. |
1758 \end{description} |
1669 |
|
1670 \end{description} |
|
1671 \<close> |
|
1672 |
|
1673 |
|
1674 section \<open>Transfer package \label{sec:transfer}\<close> |
|
1675 |
|
1676 text \<open> |
|
1677 \begin{matharray}{rcl} |
|
1678 @{method_def (HOL) "transfer"} & : & @{text method} \\ |
|
1679 @{method_def (HOL) "transfer'"} & : & @{text method} \\ |
|
1680 @{method_def (HOL) "transfer_prover"} & : & @{text method} \\ |
|
1681 @{attribute_def (HOL) "Transfer.transferred"} & : & @{text attribute} \\ |
|
1682 @{attribute_def (HOL) "untransferred"} & : & @{text attribute} \\ |
|
1683 @{attribute_def (HOL) "transfer_rule"} & : & @{text attribute} \\ |
|
1684 @{attribute_def (HOL) "transfer_domain_rule"} & : & @{text attribute} \\ |
|
1685 @{attribute_def (HOL) "relator_eq"} & : & @{text attribute} \\ |
|
1686 @{attribute_def (HOL) "relator_domain"} & : & @{text attribute} \\ |
|
1687 \end{matharray} |
|
1688 |
|
1689 \begin{description} |
|
1690 |
|
1691 \item @{method (HOL) "transfer"} method replaces the current subgoal with |
|
1692 a logically equivalent one that uses different types and constants. The |
|
1693 replacement of types and constants is guided by the database of transfer |
|
1694 rules. Goals are generalized over all free variables by default; this is |
|
1695 necessary for variables whose types change, but can be overridden for |
|
1696 specific variables with e.g. @{text "transfer fixing: x y z"}. |
|
1697 |
|
1698 \item @{method (HOL) "transfer'"} is a variant of @{method (HOL) transfer} |
|
1699 that allows replacing a subgoal with one that is logically stronger |
|
1700 (rather than equivalent). For example, a subgoal involving equality on a |
|
1701 quotient type could be replaced with a subgoal involving equality (instead |
|
1702 of the corresponding equivalence relation) on the underlying raw type. |
|
1703 |
|
1704 \item @{method (HOL) "transfer_prover"} method assists with proving a |
|
1705 transfer rule for a new constant, provided the constant is defined in |
|
1706 terms of other constants that already have transfer rules. It should be |
|
1707 applied after unfolding the constant definitions. |
|
1708 |
|
1709 \item @{attribute (HOL) "untransferred"} proves the same equivalent |
|
1710 theorem as @{method (HOL) "transfer"} internally does. |
|
1711 |
|
1712 \item @{attribute (HOL) Transfer.transferred} works in the opposite |
|
1713 direction than @{method (HOL) "transfer'"}. E.g., given the transfer |
|
1714 relation @{text "ZN x n \<equiv> (x = int n)"}, corresponding transfer rules and |
|
1715 the theorem @{text "\<forall>x::int \<in> {0..}. x < x + 1"}, the attribute would |
|
1716 prove @{text "\<forall>n::nat. n < n + 1"}. The attribute is still in experimental |
|
1717 phase of development. |
|
1718 |
|
1719 \item @{attribute (HOL) "transfer_rule"} attribute maintains a collection |
|
1720 of transfer rules, which relate constants at two different types. Typical |
|
1721 transfer rules may relate different type instances of the same polymorphic |
|
1722 constant, or they may relate an operation on a raw type to a corresponding |
|
1723 operation on an abstract type (quotient or subtype). For example: |
|
1724 |
|
1725 @{text "((A ===> B) ===> list_all2 A ===> list_all2 B) map map"} \\ |
|
1726 @{text "(cr_int ===> cr_int ===> cr_int) (\<lambda>(x,y) (u,v). (x+u, y+v)) plus"} |
|
1727 |
|
1728 Lemmas involving predicates on relations can also be registered using the |
|
1729 same attribute. For example: |
|
1730 |
|
1731 @{text "bi_unique A \<Longrightarrow> (list_all2 A ===> op =) distinct distinct"} \\ |
|
1732 @{text "\<lbrakk>bi_unique A; bi_unique B\<rbrakk> \<Longrightarrow> bi_unique (rel_prod A B)"} |
|
1733 |
|
1734 Preservation of predicates on relations (@{text "bi_unique, bi_total, |
|
1735 right_unique, right_total, left_unique, left_total"}) with the respect to |
|
1736 a relator is proved automatically if the involved type is BNF @{cite |
|
1737 "isabelle-datatypes"} without dead variables. |
|
1738 |
|
1739 \item @{attribute (HOL) "transfer_domain_rule"} attribute maintains a |
|
1740 collection of rules, which specify a domain of a transfer relation by a |
|
1741 predicate. E.g., given the transfer relation @{text "ZN x n \<equiv> (x = int |
|
1742 n)"}, one can register the following transfer domain rule: @{text "Domainp |
|
1743 ZN = (\<lambda>x. x \<ge> 0)"}. The rules allow the package to produce more readable |
|
1744 transferred goals, e.g., when quantifiers are transferred. |
|
1745 |
|
1746 \item @{attribute (HOL) relator_eq} attribute collects identity laws for |
|
1747 relators of various type constructors, e.g. @{term "rel_set (op =) = (op |
|
1748 =)"}. The @{method (HOL) transfer} method uses these lemmas to infer |
|
1749 transfer rules for non-polymorphic constants on the fly. For examples see |
|
1750 @{file "~~/src/HOL/Lifting_Set.thy"} or @{file "~~/src/HOL/Lifting.thy"}. |
|
1751 This property is proved automatically if the involved type is BNF without |
|
1752 dead variables. |
|
1753 |
|
1754 \item @{attribute_def (HOL) "relator_domain"} attribute collects rules |
|
1755 describing domains of relators by predicators. E.g., @{term "Domainp |
|
1756 (rel_set T) = (\<lambda>A. Ball A (Domainp T))"}. This allows the package to lift |
|
1757 transfer domain rules through type constructors. For examples see @{file |
|
1758 "~~/src/HOL/Lifting_Set.thy"} or @{file "~~/src/HOL/Lifting.thy"}. This |
|
1759 property is proved automatically if the involved type is BNF without dead |
|
1760 variables. |
|
1761 |
|
1762 \end{description} |
|
1763 |
|
1764 Theoretical background can be found in @{cite |
|
1765 "Huffman-Kuncar:2013:lifting_transfer"}. |
1759 \<close> |
1766 \<close> |
1760 |
1767 |
1761 |
1768 |
1762 section \<open>Coercive subtyping\<close> |
1769 section \<open>Coercive subtyping\<close> |
1763 |
1770 |